I am writing an application that uses PKI to secure email, files etc. Using the System.Cryptography namespace, I am generating a new key pair using RSACryptoServiceProvider.
The method is:
    using System.Security.Cryptography; // namespace that holds RSACryptoServiceProvider

    // Creates a fresh RSA key pair of the requested size and exports both halves
    // as RSAKeyValue XML: ToXmlString(false) = public part only, ToXmlString(true) = full private key.
    public static void GenerateKeys(int keySize, out string publicKey, out string privateKey)
    {
        using (var provider = new RSACryptoServiceProvider(keySize))
        {
            publicKey = provider.ToXmlString(false);
            privateKey = provider.ToXmlString(true);
        }
    }
keySize = 2048.
This results in a public key like the following (this has been trimmed/padded with "-----START/END PUBLIC KEY BLOCK-----" wrappers for neatness):
-----START PUBLIC KEY BLOCK-----
<RSAKeyValue><Modulus>xs1GwyPre7/knVd3CAO1pyk++yp/qmBz2TekgrehYT
WU7hs8bUCeVQrL2OB+jm/AgjdPMohWHD/tLcJy35aZgVfPI3Oa3gmXxdoLZrfNRb
nrCm3Xr1MR7wnhMyBt5XXyU/FiF46g5qJ2DUIUg7teoKDNUSAN81JTIoH0KC+rZB
oO3tu9PR7H75K5G2eT6oUWkWKcZZU/4WNCDasNtizTe41Jy99BjrChww5r2ctqG8
LvIv7UeeFaK1vhxGKaNH/7JvKJI9LbewWNtmb/nRzQg9xK3e0OhblbW+o6zg5pTw
+n37fS7pkXK7lbRfUfaQmhoGy6ox4UWGmOgm8yPu8S4Q==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
-----END PUBLIC KEY BLOCK-----
When I look at PGP-based public (or private) keys, there are no <RSAKeyValue>, <Modulus> or <Exponent> values inside the key.
Am I doing something wrong? Have I missed something? If I distribute this key, is this a security issue?
Crypto is a new and exciting field to me so I would REALLY appreciate any guidance here. I'm concerned I've screwed up - encrypting to the key works and decrypting with the private key works - I was only wondering how PGP/GPG keys differ in appearance so much and what I need to do to correct this?
Thank you in advance!
The RSAKeyValue, Modulus, and Exponent tags are in there because you used the method ToXmlString().
An RSA public key is made up of the modulus and the public exponent. There is no security issue with distributing these 2 items. HOWEVER, you do NOT want to distribute any of the other items in the Private Key. The private key has these fields:
<RSAKeyValue>
<Modulus>…</Modulus>
<Exponent>…</Exponent>
<P>…</P>
<Q>…</Q>
<DP>…</DP>
<DQ>…</DQ>
<InverseQ>…</InverseQ>
<D>…</D>
</RSAKeyValue>
Do not distribute anything other than the Modulus and Public Exponent, which are found in both the Private and Public key.
When public keys are distributed, they are usually done by giving out a signed X509 certificate, which contains the public key, identification information linking that key to an entity, and a signature from a trusted authority.
If you give out the public key in the XML String format, the receiver must then use the FromXmlString() method to use it. The receiver also has no way to know if it is you who really sent the public key unless you give it to them in person (or use the certificate method above).
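To make the answer's point concrete (the XML is just a container for the RSA integers, the public half is Modulus plus Exponent, and everything else in ToXmlString(true) output must never leave the machine), here is an added example, not part of the question or the answer and not .NET code. It is Python using only the standard library: it parses RSAKeyValue XML the way FromXmlString() would (each element is an unsigned big-endian integer, base64-encoded), reports which private fields a blob contains so you can refuse to publish it, strips a private export down to the public fields, and runs a textbook RSA round trip to show that the public fields suffice to encrypt while D is what decrypts. The key is constructed from two Mersenne primes so the example is self-contained and deterministic; it is far too small for real use, and textbook RSA without OAEP padding is for illustration only.

```python
"""Parse and audit RSAKeyValue XML (the format .NET's ToXmlString() emits).
Added example for this Q&A; stdlib only, not the asker's or .NET's code."""
import base64
import xml.etree.ElementTree as ET

PUBLIC_FIELDS = ("Modulus", "Exponent")
PRIVATE_FIELDS = ("P", "Q", "DP", "DQ", "InverseQ", "D")


def b64_to_int(text):
    # .NET stores each parameter as an unsigned big-endian byte array, base64-encoded.
    # Whitespace is dropped so line-wrapped blobs (like the one in the question) parse.
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")


def int_to_b64(n):
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode("ascii")


def parse_rsa_key_value(xml_text):
    """Return {field: int} for an <RSAKeyValue> document; Modulus and Exponent are mandatory."""
    root = ET.fromstring(xml_text)
    if root.tag != "RSAKeyValue":
        raise ValueError("not an RSAKeyValue document")
    key = {child.tag: b64_to_int(child.text or "") for child in root}
    if not all(f in key for f in PUBLIC_FIELDS):
        raise ValueError("Modulus and Exponent are required")
    return key


def private_fields_present(xml_text):
    """List the private CRT/secret fields found in the blob, in .NET's order."""
    key = parse_rsa_key_value(xml_text)
    return [f for f in PRIVATE_FIELDS if f in key]


def is_safe_to_distribute(xml_text):
    """True only when the XML carries nothing beyond Modulus and Exponent."""
    return not private_fields_present(xml_text)


def to_rsa_key_value_xml(key):
    order = PUBLIC_FIELDS + PRIVATE_FIELDS
    inner = "".join(f"<{f}>{int_to_b64(key[f])}</{f}>" for f in order if f in key)
    return f"<RSAKeyValue>{inner}</RSAKeyValue>"


def public_only_xml(xml_text):
    """Rebuild the blob with only the public fields, like ToXmlString(false) would."""
    key = parse_rsa_key_value(xml_text)
    return to_rsa_key_value_xml({f: key[f] for f in PUBLIC_FIELDS})


def toy_private_key_xml():
    """Constructed demo key from the Mersenne primes 2^61-1 and 2^89-1 (e = 65537).
    Deterministic and tiny so the example runs offline; never use such a key for real."""
    p, q, e = (1 << 61) - 1, (1 << 89) - 1, 65537
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return to_rsa_key_value_xml({
        "Modulus": n, "Exponent": e, "P": p, "Q": q,
        "DP": d % (p - 1), "DQ": d % (q - 1), "InverseQ": pow(q, -1, p), "D": d})


def rsa_encrypt(message_int, key):
    # Textbook RSA, no padding: only the two public fields are needed.
    return pow(message_int, key["Exponent"], key["Modulus"])


def rsa_decrypt(cipher_int, key):
    # Whoever holds D (i.e. the ToXmlString(true) blob) can decrypt.
    return pow(cipher_int, key["D"], key["Modulus"])


if __name__ == "__main__":
    priv = toy_private_key_xml()
    pub = public_only_xml(priv)
    print("private fields in full export:", private_fields_present(priv))
    print("public-only blob safe to distribute:", is_safe_to_distribute(pub))
    m = 0x48656C6C6F  # "Hello" as an integer; constructed sample message
    c = rsa_encrypt(m, parse_rsa_key_value(pub))
    print("decrypts with D:", rsa_decrypt(c, parse_rsa_key_value(priv)) == m)
```

Running `is_safe_to_distribute` on a blob before handing it out is the check the answer asks for: the public export passes, the ToXmlString(true) export fails because it carries P, Q, DP, DQ, InverseQ and D. Note that b64_to_int("AQAB") gives 65537, the usual public exponent, which is why the question's key shows <Exponent>AQAB</Exponent>. None of this adds authenticity; binding the key to an identity is still the job of a certificate or an out-of-band fingerprint check, as the answer says.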